Thursday, September 22, 2005

Computerworld has a thoughtful opinion piece by Bruce Levinson on thinking about the cyber-unthinkable: How do you (person or organization) respond to that inevitable day when the Internet, or your access to it, fails catastrophically.

As a former senior FEMA official under the Clinton administration explained, "There's only two kinds of levees: Ones that have failed and those that will fail." The same is true for cyber-levees.

The Internet today is in the same position as New Orleans was before the hurricane, a heavily fortified resource of incalculable economic and cultural value whose protections will one day inevitably fail...

Not only are there limits to how far we can go in securing the Internet, there should be limits. After all, the most secure computer is one that is unplugged. Enjoying the social and economic benefits of the Internet also inherently means accepting and learning to manage risk.

Just as the world was shocked by the devastation of New Orleans, a scenario that has been predicted for decades, so too will the globe be staggered by the failure of the Internet. There are still many people and institutions who don't appreciate just how intertwined the Internet has become in virtually every aspect of modern society.

New Orleans will eventually be rebuilt in some form. The Internet will most likely be repaired much more quickly. However, the consequences of each failure will reverberate long after working infrastructures have been restored.

What is needed is not just to protect the Internet but also to prepare for the time when those protections fail...

One of the lessons learned from Katrina and 9/11 is that communications failures are the first consequence of disaster. Radios fail. Cell phone networks become overwhelmed. Plain old telephone service goes down. Since the Internet is really nothing more than a means of communicating, Internet-disaster planners should recognize that what you are going to experience is a failure to communicate.

Depending on what causes a major disruption (natural disaster, violence, cyber-attack) it would not be surprising to see virtually all non-human communications networks fail, including phones, cell phones and even local wireless networks...

Contingency plans are great at providing lists of steps for people to take during various scenarios. They rarely explain what to do when the situation doesn't fit of one the prepared scenarios or if you can't take one or more of the listed steps. Plans don't always fail but that is a reasonable way to bet...

It may be possible to draft effective guidance on the back of the proverbial envelope. Regardless of what developmental approach is used, try to do it without PowerPointing everyone to tears...

So get ready for when your cyber-levees fail, since, as the former Robert Zimmerman explained, a hard rain's a-gonna fall.